As the complexity of a client applications grows, so does the number of web services such applications interact with. Many web services employ authenticated sessions to the server. Some of the standard methods of authentication include using Integrated Windows Authentication (IWA), client certificate based authentication with mutual transport level security (MTLS) and various forms of message level authentications. Web services today are increasingly inclined towards message level authentication using the Web Service Security (WSS) protocol because of its extensibility. A WSS message itself might carry authentication tokens that are derived from Kerberos tickets, X.509 certificates, or XML tokens (e.g., SAML tokens).
Web service implementations may share the authentication token providers. However, the token itself used to authenticate at the message level is typically different because the target name of the web service against which the token is validated may differ. Moreover, the token providers may be standards based, proprietary implementation using a library, or proprietary implementation using a protocol.
Thus, there is no single interface available that provides the ability to consolidate different technologies such that a communications client can easily authenticate with various web services. Furthermore, it is a challenge for enterprise clients—as enterprise and cloud-based services integrate—to operate within an extensible framework that can integrate various web technologies and authenticate with them.